9 Upgrading OIM-OAM Integrated Environments set up Using Life Cycle Management Tool

If you had set up an Oracle Identity Manager – Oracle Access Management integrated environment in 11g Release 2 (11.1.2.3.0) using the Life Cycle Management (LCM) tool, follow the instructions in this chapter to upgrade the same to 12c (12.2.1.3.0).

Note:

The product Oracle Identity Manager is referred to as Oracle Identity Manager (OIM) and Oracle Identity Governance (OIG) interchangeably in the guide.

Topics

Topics:

9.1 About the OIM-OAM Integrated HA Topology Set Up Using LCM Tool

The sample topology is based on the split domain eight node topology described in the Enterprise Deployment Guide for Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0), that is deployed using the Life Cycle Management (LCM) tool.

This topology and the accompanying procedures in this chapter are provided to serve as an example for upgrading a highly available, integrated Oracle Identity and Access Management environment. Your specific Oracle Identity and Access Management installation will vary, but this topology and upgrade procedure demonstrates the key elements of the upgrade process, which can be applied to your specific environment.

For a complete description of the topology diagram, refer to the Enterprise Deployment Guide in the Oracle Identity and Access Management in the 11g Release 2 (11.1.2.3.0) Documentation Library.

Figure 9-1 OIM-OAM Integrated Topology Set Up Using LCM Tool

Description of Figure 9-1 follows
Description of "Figure 9-1 OIM-OAM Integrated Topology Set Up Using LCM Tool"

9.2 Supported Starting Points

Review the supported starting points for each of the components in your integrated environment in order to upgrade to 12c (12.2.1.3.0). If the components are in earlier versions, upgrade them to the version that is supported for 12c upgrade.

The following table lists the versions that are supported for upgrade of an integrated highly available environments.

Table 9-1 Supported Starting Points for Integrated HA Upgrade

Component Supported Starting Point

Oracle Identity Manager

11g Release 2 (11.1.2.3.0)

Oracle Access Management

11g Release 2 (11.1.2.3.0)

Oracle Adaptive Access Manager

11g Release 2 (11.1.2.3.0)

Oracle SOA Suite

11g Release 1 (11.1.1.9.0)

Oracle WebLogic Server

10.3.6

Oracle Adaptive Access Manager is not part of the Oracle Identity and Access Management suite for 12c (12.2.1.3.0), and hence will not be upgraded to 12c. Oracle Adaptive Access Manager 11.1.2.3.0 is compatible with Oracle Access Management 12c (12.2.1.3.0).

9.3 Roadmap for Upgrading OIM-OAM Integrated Environments set up Using Life Cycle Management Tool

Refer to the roadmap in this section for upgrading Oracle Identity Manager and Oracle Access Management integrated highly available 11.1.2.3.0 environments, set up using Life Cycle Management (LCM) tool, to 12c (12.2.1.3.0).

The following table describes the tasks that you must perform to upgrade an integrated topology described in About the OIM-OAM Integrated HA Topology Set Up Using LCM Tool.

Table 9-2 Tasks for Upgrading Integrated Environments Set Up Using LCM Tool

Task Documentation

Review the OIM-OAM integrated topology.

See, About the OIM-OAM Integrated HA Topology Set Up Using LCM Tool.

Review the supported starting points for integrated environment upgrade.

See, Supported Starting Points.

Ensure that the LDAP server and the Oracle Access Management have the same lockout value configured before you start the upgrade. That is, the lockout threshold of libOVD, OAM, and LDAP should be the same, else the lock and unlock use cases fail after upgrade.

This is applicable for a OIM-OAM integrated single node setup as well.

See, Setting the LockoutThreshold in Active Directory in the Oracle Fusion Middleware Deployment Guide for Oracle Identity and Access Management for 11g Release 2 (11.1.2.3.0).

If you have configured Node Manager, ensure that the Node Manager is stopped before you proceed with the upgrade.

See, Stopping Servers and Processes

Check if Oracle Access Management (OAM) is integrated with Oracle Adaptive Access Management (OAAM) and/or Oracle Identity Manager (OIM) in a single domain.Check.

If Oracle Access Management is integrated with either Oracle Adaptive Access Management (OAAM) or Oracle Identity Manager (OIM), and if both the products are in a same domain, a separate OAM domain needs to be cloned that works with OAAM or OIM in the source domain. It is the cloned OAM domain that needs to be upgraded to 12c.

See, Checking if OAM and OAAM is in the Same Domain in an OAM-OAAM-OIM Integrated Setup

Also, complete any necessary pre-upgrade tasks for Oracle Access Management.

See, Completing the Pre-Upgrade Tasks for Oracle Access Management

Upgrade the Oracle Identity Manager on OIMHOST1 shared domain to 12c (12.2.1.3.0).

Do NOT start the servers after you upgrade.

See, Upgrading Oracle Identity Manager Single Node Environments.

Take a backup and delete the contents of the private domain.

It is recommended that you perform this step, or the soa-infra application continues to be in Prepared state instead of active state, post upgrade.

See, soa-infra Application is in ‘Prepared’ State Post Upgrade.

Pack the Oracle Identity Manager shared domain and unpack it into the private domain on OIMHOST1 and OIMHOST2.

See, Replicating the Domain Configurations on OIMHOST2.

Note:

Use the pack and unpack commands as described in the above section to pack the OIM shared domain and unpack it to the private domain on OIMHOST1 and OIMHOST2.

Start the Oracle SOA Suite Managed Servers and Oracle Identity Manager servers on OIMHOST1.

You must start the Administration Server from the shared domain and the Managed Servers from the private domain.

When you start the Oracle SOA Suite Managed Servers for the first time after upgrade, ensure that you do it with Business Process Management (BPM) property and Administration Server URL.

See, Starting the Servers.

If bootstrapping fails when you start the Oracle Identity Manager servers for the first time, follow the instructions described in OIM Bootstrap for DEPLOYSOACOMPOSITES Task Fails After Upgradeto resolve this, and then start the servers,

Restart the Administration Server, Oracle SOA Suite Managed Servers, and the Oracle Identity Manager Managed Servers on OIMHOST1 and start the Oracle SOA Suite Managed Servers, and the Oracle Identity Manager Managed Servers on OIMHOST2.

When you restart the Oracle SOA Suite Managed Servers for the second time after upgrade, ensure that you do it without Business Process Management (BPM) property.

See, Stopping Servers and Processes for stopping the servers.

See, Starting the Servers for starting the servers.

Upgrade the Oracle Access Management on OAMHOST1 shared domain to 12c (12.2.1.3.0).

Do not start the servers after you upgrade.

See, Upgrading Oracle Access Management Single Node Environments.

Pack the Oracle Access Management shared domain and unpack it to the private domain on OAMHOST1 and OAMHOST2.

See, Replicating the Domain Configurations on OIMHOST2.

Note:

Use the pack and unpack commands as described in the above section to pack the OAM shared domain and unpack it to the private domain on OAMHOST1 and OAMHOST2.

Start the Administration Server and the Oracle Access Management Managed Servers.

See, Starting Servers and Processes.

Note:

If you encounter any issues when upgrading Oracle Identity Manager , see Troubleshooting the Oracle Identity Manager Upgrade for troubleshooting tips.

If you encounter any issues when upgrading Oracle Access Management, see Troubleshooting the Oracle Access Management Upgrade for troubleshooting tips.